Re: LDAP authentication with uid

Wed, 23 Mar 2016 01:42:07 -0700 

Hi,

Maybe this will help you. I am using this for testing purpose and I am sure
that there are some more scure examples but ...
This is a test user, test group and test apache2 config part:

User:

dn: uid=ptest,ou=CS,ou=Policy,ou=SDM,dc=lab,dc=os
objectClass: posixAccount
objectClass: top
objectClass: inetOrgPerson
objectClass: shadowAccount
gidNumber: 27782
givenName: Proba
sn: Test
displayName: Proba Test
uid: ptest
homeDirectory: /home/ptest
gecos: This is a test user
loginShell: /bin/bash
shadowFlag: 0
shadowMin: 0
shadowMax: 99999
shadowWarning: 0
shadowInactive: 99999
shadowLastChange: 12011
shadowExpire: 99999
cn: Proba Test
uidNumber: 51893
userPassword: {SSHA}sdssdske38734mjfFGGHJJ23434dsdsfs=
mail: [email protected]

Group:

dn: cn=proba,ou=Posix,ou=Groups,ou=SDM,dc=lab,dc=os
objectClass: posixGroup
objectClass: top
cn: proba
memberUid: ptest
memberUid: labadmin
gidNumber: 28370

Apache config:

    <Directory /var/www>
        #Options Indexes FollowSymLinks MultiViews
        AllowOverride AuthConfig
        Order allow,deny
        allow from all
    </Directory>

    <Location />
        AuthType Basic
        AuthName "Software"
        AuthBasicProvider ldap
        AuthLDAPURL  "ldap://192.168.15.140:389/ou=SDM,dc=lab,dc=os?uid";
        AuthLDAPGroupAttributeIsDN off
        AuthLDAPGroupAttribute memberUid
        Require ldap-group cn=proba,ou=Posix,ou=Groups,ou=SDM,dc=lab,dc=os
    </Location>




On 22 March 2016 at 22:22, Cole <[email protected]> wrote:

> Hi Mary,
>
> If this is similar to ssh auth against LDAP using uid, the dn would
> look like the following
> dn: uid=christine,ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com
>
> Now I am not sure how Apache does the lookup, but if I am wrong, maybe
> someone else can reply.
>
> Regards
> /Cole
>
> On 22 March 2016 at 21:33, Mary Kao <[email protected]> wrote:
> > Hello,
> >
> > This is a real newbie question ::)
> >
> > I have configured apache httpd to use LDAP for basic authentication
> (userid
> > and password).
> > I am not sure what the directory DN should look like when using "uid"
> rather
> > than "cn"?
> >
> > In my LDAP directory I have:
> >
> > dn: cn=Christine Smith,ou=ELOGAccounts,ou=RavenApps,dc=my-domain,dc=com
> > objectClass: top
> > objectClass: person
> > objectClass: organizationalPerson
> > objectClass: uidObject
> > cn: Christine Smith
> > sn: Smith
> > uid: christine
> > userPassword:: Y2hyaXN0aW5l
> >
> >
> > Where do I put the "uid" so that when the httpd sends over the uid the
> ldap
> > server will search on it?
> >
> > Thank you,
> > Mary
> >
> >
>
>

Reply via email to